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Application No. 

09/774,429 



Examiner 

Chi-Chung E Lee 



Applicant(s) 

STRAHM ET AL 



Art Unit 

2131 



- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 704(b). 

Status 

1 )M Responsive to communication(s) filed on 30 January 2001 . 
2a)D This action is FINAL. 2b)l2 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IE Claim(s) 1-26 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 1 20 

1 3) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

aO All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 1 9(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). . 

2) C] Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) CI Notice of Informal Patent Application (PTO-152) 

3) |3 Information Disclosure Statement(s) (PTO-1449) Paper No(s) ±6 . 6) D Other: 
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DETAILED ACTION 



Claim Rejections - 35 USC § 101 



1. 35 U.S.C 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 11-26 are rejected under 35 U.S.C, 101 because the subject matter is directed 
to non-statutory subject matter. 

Claims 11 are directed to non- functional descriptive data. It does not fall within the 
statutory classes listed in 35 U.S.C. 101. A system comprising a first mechanism and a second 
mechanism, which are schemes or computer programs (i.e. program or software, see page 8 line 
20-page 9 line 22) to determine if the packet is in the clear (i.e. is not encrypted) status. 

Claim 12 adds additional software element, a third mechanism, recited in claim 11. Thus 
they also recite non-statutory subject matter. 

Claims 13-26 recite further details of software recited in claim 1 1 . Thus they also recite 
non-statutory subject matter. 



Claim Rejections - 35 USC §112 



2. 



The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 



The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 
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Claims 11-26 are rejected under 35 U.S.C. 112, second paragraph, as being 



indefinite. 



The terms "perform an encryption procedure on the packet if the packet is encrypted and 
..." in claim 1 1 lines 7-8, which renders the claim indefinite. The specification does not provide 
or support double/duplicated encryptions on the packet, and one of ordinary skill in the art would 
not be reasonably appraised of the scope of the invention. To pursue the examining process, 
Examiner will treat this term "encryption" as a typographic and examine the claim 1 1 with the 
terms of "perform a decryption procedure on the packet if the packet is encrypted and 
Appropriate correction is required. 

Claims 12-26 are rejected by virtue of their dependencies. 



(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 



3. Claims 1-2, 4-7, 9-26 are rejected under 35 U.S.C. 102(e) as being anticipated by 



Claim Rejections - 35 USC §102 



Harrison et al (US 6,539,483 Bl). 
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As per claim 6,7, Harrison discloses an article comprises a machine-readable medium 
(i.e. a computer readable medium, see column 10 lines 66-67) which stores machine- 
executable instructions (i.e. computer program product, see column 10 lines 66-67) that 
can be resident on one or more host computers such as a VPN network device (i.e. a 
machine). The VPN policies are stored in an LDAP server 100 and subsequently 
downloaded to VPN device 80 [see column 5 line 56-62]. Harrison discloses the VPN 
policy consists of a condition and an action. When a VPN device 80 receives network 
traffic, it determines the IPsec action. The traffic profile defines the type of network 
traffic for which the action should be performed and determine if a classification 
parameter is available for IPsec traffic that indicates a route (i.e. traffic profile, see figure 
2). Harrison discloses if a classification parameter is not available (i.e. action is a IPsec 
action), the VPN network device will decrypts the IPsec traffic using a shared secret key 
generated by the Internet Key Exchange (i.e. IKE) to determine the classification 
parameter (i.e. security association, SA, see column 2 lines 8-20) and forward the IPsec 
traffic based on the classification parameter (i.e. connection type, see figures 1, 2). 

As per claims 9,10, Harrison discloses the IPsec traffic includes a data packet (i.e. IP data 
packet, see column 1 lines 63-66) and forward other IPsec traffic included in a traffic 
stream with the IPsec traffic based on the classification parameter (i.e. the protocol in SA 
to define the packet, see column 2 lines 8-55). 
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As per claim 1,2, Harrison discloses the method determine the VPN policy consists of a 
condition and an action. When a VPN device 80 receives network traffic, it determines 
the IPsec action. The traffic profile defines the type of network traffic for which the 
action should be performed and determines if a classification parameter is available for 
IPsec traffic that indicates a route (i.e. traffic profile, see figure 2). Harrison discloses if 
a classification parameter is not available (i.e. action is a IPsec action), the VPN network 
device will decrypts the IPsec traffic using a shared secret key generated by the Internet 
Key Exchange (i.e. IKE) to determine the classification parameter (i.e. security 
association, SA, see column 2 lines 8-20) and forward the IPsec traffic based on the 
classification parameter (i.e. connection type, see figures 1, 2). 

As per claims 4-5, the claimed steps corresponds to the functions of the elements of the 
apparatus claims 9-10, which has been rejected above, and thus rejected with the same 
reason applied thereto. 

As per claim 1 1 , Harrison discloses a system (i.e. VPN network device). The VPN 
policies are stored in an LDAP server 100 and subsequently downloaded to VPN device 
80 [see column 5 line 56-62]. Harrison discloses the VPN policy consists of a condition 
and an action. When a VPN device 80 receives network traffic, it determines the IPsec 
action. The traffic profile defines the type of network traffic for which the action should 
be performed and determines if a classification parameter is available for IPsec traffic 
that indicates a route (i.e. traffic profile, see figure 2). Harrison discloses if a 
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classification parameter is not available (i.e. action is a IPsec action), the VPN network 
device will decrypts the IPsec traffic using a shared secret key generated by the Internet 
Key Exchange (i.e. IKE) to determine the classification parameter (i.e. security 
association, SA, see column 2 lines 8-20) and forward the IPsec traffic based on the 
classification parameter (i.e. connection type, see figures 1, 2). 

As per claims 12-17, 25, Harrison discloses the Policy configuration device 60 was 
configured to communicate with the VPN device 80 and LPAP server [see figure 1]. 
Harrison discloses the Policy configuration device 60 to create and update the VPN 
policies to determine a classification parameter (i.e. SA) for the packet. Harrison 
discloses the VPN policy consists of a condition and an action. When a VPN device 80 
receives network traffic, it determines the IPsec action. The traffic profile defines the 
type of network traffic for which the action should be performed and determines if a 
classification parameter is available for IPsec traffic that indicates a route (i.e. traffic 
profile, see figure 2). Harrison discloses if a classification parameter is not available 
(i.e. action is a IPsec action), the VPN network device will decrypts the IPsec traffic 
using a shared secret key generated by the Internet Key Exchange (i.e. IKE) to determine 
the classification parameter (i.e. security association, SA, see column 2 lines 8-20) and 
forward the IPsec traffic based on the classification parameter (i.e. connection type, see 
figures 1,2). 
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As per claims 18-19, Harrison discloses the IPsec traffic includes a data packet (i.e. IP 
data packet, see column 1 lines 63-66) and forward other IPsec traffic included in a traffic 
stream with the IPsec traffic based on the classification parameter (i.e. the protocol in SA 
to define the packet, see column 2 lines 8-55). 

As per claims 20-22, Harrison discloses if a classification parameter is not available (i.e. 
action is a IPsec action), the VPN network device will decrypts the IPsec traffic using a 
shared secret key generated by the Internet Key Exchange (i.e. IKE) to determine the 
classification parameter (i.e. security association, SA, see column 2 lines 8-20) and 
forward the IPsec traffic based on the classification parameter (i.e. connection type, see 
figures 1, 2). Harrison also discloses the VPN network includes the Internet [see column 
1 lines 18-28]. 

As per claims 23-24, 26, Harrison discloses the IPsec tunneling encryption process and 
ESP (encapsulating security payload) includes encrypting and decrypting the packet [see 
column 1 lines 41-65 and column 2 lines 35-55]. Harrison discloses the VPN device is 
configured to route packet included in the traffic stream based on a load balance scheme 
(i.e. payload scheme, see figures 2, 3). 
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Claim Rejections - 35 USC §103 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 3,8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Harrison et al 
(US 6,539,483 Bl) as applied to claim 6 above, and further in view of Godwin et al (US 
6,505,192 Bl). 

As per claim 8, Harrison discloses the classification parameter (i.e. a security association, 
SA, see column 2 lines 8-20). 

Harrison does not expressly discloses the classification parameter (i.e. a Security 
association) includes a Security Parameter Index (SPI) associated with IPsec traffic 
includes a data packet. 

Godwin discloses the Security Association (SA) using the Security Parameter 
Index (SPI, see column 6 line 47-65 and figure 2) as an index into a hash table of 
Security associations (SA). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to include the SPI within the system of Harrison. 

One of the ordinary skill in the art would have been motivated to use SPI to 
identify the location of a security association (SA) that contains the details do how to 
process the packet. 
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As per claim 3, the claimed steps corresponds to the functions of the elements of the 
apparatus claim 8, which has been rejected above, and thus rejected with the same reason 
applied thereto. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chi-Chung E Lee whose telephone number is 703-306-4153. 
The examiner can normally be reached on 8 am - 5 pm, Mon. - FrL 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



Conclusion 




Chi-Chung Lee 
9/11/03 




/ ayaz SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



